VERY STRANGE Image Size behavior (when PHP script sends image to browser)

I'm using a PHP Script to read a file from outside of the document root, and sends it to the browser.

The problem is that I.E. Does not correctly "understand" the size fo the image (when I right click and select properties it says "Not Specified".  

I've tracked this down to the fact that I am calling session_start() before sending the image.  As a result, the session cookie is sent to the browser before the image data and when this happens, i.e. doesn't correctly understand the image size (for some bizarr reason).

At any rate, if I simply comment out this line, the image works EXACTLY as though it's accessed directly (not through the script).  The problem is that I need data from the session to determine which image to show.

So - my question is:

1) Is there any way to access the session data without sending a session cookie to the browser (just from my "picture" script).

2) Does anyone understand why this causes a problem in I.E. and is there any other way around it?

Thank you in advance for any help you can provide.  The script is included below:

picture.php:
            session_start();
            $filename = "/tmp/files/" . $_SESSION['filename'];
            header("Accept-Ranges: bytes");
            header("Content-Length: " . filesize($filename));
            header("Connection: close");
            header("Content-Disposition: inline; filename=" . $_SESSION['filename']);
            header("Content-Type: image/gif");
            $fd = fopen ($filename, "r");
            echo fread ($fd, filesize ($filename));
            fclose ($fd);


Again - All I have to do is just // session_start() and everything works PERFECTLY.  

Thoughts?
LVL 6
kalliopiAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ashooooCommented:
Can you wrap your image in an HTML file? for eg...

picture.php:
          session_start();
          <html><head></head>
          <body><img src="pictureGen.php?name=<?php echo$_SESSION[filename]; ?>"></body></html>


pictureGen.php:
          $filename = "/tmp/files/" . $_GET['filename'];   // $_SESSION['filename'] has been changed to $_GET['name']
          header("Accept-Ranges: bytes");
          header("Content-Length: " . filesize($filename));
          header("Connection: close");
          header("Content-Disposition: inline; filename=" . $_GET['name']);
          header("Content-Type: image/gif");
          $fd = fopen ($filename, "r");
          echo fread ($fd, filesize ($filename));
          fclose ($fd);

This is just a workaround...
0
kalliopiAuthor Commented:
Thanks for the input.  I probably should have been more clear.  The whole reason for needing the session data is for security purposes.  I don't want to have to pass the filename to the file for security purposes.  The session looks up the filename in a database and verifies that the user who's logged in (also tracked in the session) has access to that file.  If I pass the filename and just print whatever's passed, the security would be lost and the person viewing the picture would be able to look at any file in the /tmp/files directory.  Does that make sense?  

It seems like I should be able to READ the session data (from a particular script) without sending the session cookie data back to the client (just from that one script).  I just don't know how to do that.  I've tried working with output buffering, and then clearning the output buffer right before sending the image data but unfortunately, output buffering does not appear to effect header data...

Thoughts?
0
aolXFTCommented:
Hmmm,

The cookie should be already on the client, and you shouldn't have to send it again, so all you want to do is read the cookie, and not resend it.

One possible workaround would be to tell sessions in that particular file not to use cookies. You might then have to copy the data from $_COOKIE to $_GET(or $_REQUEST), to fool PHP  into thinking that the SID had come from a GET(or POST) variable, and not the cookie, before calling session_start().

Let us know if it works.
0
Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

kalliopiAuthor Commented:
aolXFT - this looks promising and I played around a little bit with turning cookies off for that specific file, but I couldn't figure it out specifically.

Can you be a little bit more explicit?
0
aolXFTCommented:
I haven't much time right now, but try

ini_set('session.use_cookies', 0);
session_start();


0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
kalliopiAuthor Commented:
Thank you aolXFT - that was perfect.  It did EXACTLY what I wanted.  I actually had to also add ini_set('session.cache_limiter', ''); as well, but you certainly pointed me in the right directly.  

That's AWESOME.  Thank you.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.